Wireless drive-by

How easy is it to sniff out wireless networks with the intent to break in?

Very easy, if you have the right antennae hooked to your laptop and you have freeware network-sniffer software such as NetStumbler. That is what the security director of Guardent Inc., a Waltham, Mass.-based managed security service provider, used last week during a "war drive" through the business district and Capitol Hill area of Washington, D.C.

Riding in a Humvee with the company's name printed on each side, Todd Waskelis demonstrated how a person using radio frequency scanning could detect wireless access points. During a half-hour drive that covered about eight miles, he picked up 236 wireless access points including government, business and personal wireless local-area networks (WLANs).

More than half of those access points — 135 — didn't have Web-enabled encryption to protect data sent over the WLANs. The NetStumbler software listed the network's message authentication code address and whether data is encrypted, the name of the network if the company or agency chose to broadcast it, the radio channel it is located on, and the type of access point device being used.

The nonencrypted WLANs represent low-hanging fruit for hackers or intruders, Waskelis said. He added that the nonencrypted networks could have other security features to block access, but intruders can use "access points to get to the Internet." And by using someone else's IP address, a person can hide his or her identity.

"War walking" or "war driving," the process of moving around a city looking for access points in order to penetrate WLANs, is becoming more prevalent, according to industry experts. Another common occurrence is "war chalking," when intruders mark the spot where wireless access points can be picked up, said Mike Disabato, a senior analyst with the Burton Group, an information technology consulting firm.

"Most [intruders] are looking for free Internet access, which is an illegal use of your services," Disabato said. But others may want to steal data, he added.


Wireless war drive stats

A "war drive" through downtown Washington, D.C., detected the following:

* 236 wireless access points.

* 135 unencrypted wireless LANs.

* 8 peer-to-peer connections.

* 11 unnamed networks.


  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.